If you tried to visit us between Tuesday (03/06) evening (6PM Eastern) and Thursday (03/08) evening (6PM Eastern) then you probably received an alert from Chrome or Firefox indicating that there were suspicious or malware files found on this site. Well, it's true. At first we thought it was coming from an ad off one of the 2 ad networks that serve the site, since several scans of the server for malware came up empty. Unfortunately, someone found a vulnerability in our server and injected some malicious code (on Tuesday evening at 6PM) into one of the files that supports the site, and that had caused the malware warning banners to be displayed.
The good news is that we were able to find the malicious code and eradicate it (on Thursday evening at 6PM), so it is once again safe to visit us here at Jayisgames.com. The bad news is that if you visited us between those two dates and times then you may have been infected with a virus. You should scan your computer for malware to be on the safe side. We apologize for any inconvenience that this issue may cause you.
The warning banners continued until Google reviewed the site to confirm the issue had been resolved. (As of 03/09 at 9:00 AM Eastern time, Google confirmed there is no malware on the site and removed the banners.)
We work very hard to maintain a safe browsing experience for everyone, but there's really no way to ensure something like this will never happen. All we can do is try our very best, and resolve any situation that arises as quickly and efficiently as we can.
To that end, I have just completed a migration to a brand new server that I hope provides us with an increased level of security. We have upgraded most of the underlying software that was the foundation of JIG for the past several years, and we hope that it will provide an even better experience for you than ever before (though there are bound to be a few hiccups here and there until we can get things fine-tuned).
If you were the victim of malicious code getting onto your computer, again I apologize for the terrible inconvenience this has caused you. If there is some way I can make it up to you, please let me know. I will do my best to answer all emails.
Thank you for your continued support and for your visits, your comments, and your enthusiasm for what we love to do here at Jayisgames.
Update: Added specific dates and times of the incident above.
This bugs me a little, but it isn't your fault, Jay. This kind of things just happens.
I've visited the site several times even with the warning on, so I'm currently running a scan to check my computer for virus ; I don't think I will find anything, but I strongly recommend EVERY user who did the same as me to do so.
Thank you for even making an article about it, Jay, not everyone would have done so... you're awesome.
Yep, fully agree, although it's ofcourse not a good thing that there was a vulnerability, these things can happen and the way you're handling it is open and honest, kudos for that!
Hey Jay,
Just wanted to thank you for the info and the openness and honesty. Top notch and a fine example of integrity! I'm sorry this happened to YOU as well as anyone else who was adversely affected, and I appreciate the offer you made to try and make it up to folks. Somehow I just know it's a real and heartfelt offer that you will follow through on. While these things do happen, why anyone would want to be malicious on such a wonderful site with the goal and aim of giving folks a moment of escape from this crazy world is beyond me. I recommend for them some R&R at JIG! :o) All the best to JIG - you're quality and today that's rare.
Hi Jay,
If you know, can you give details of what likely malware was attempting to be installed? No virus scanner can check for all infections so it would useful to know what was trying to be infected so it can be manually checked for.
Thanks.
Aw boo, how exactly do you do a virus scan on a mac? lol I always ran like hell from the warnings so I never had to deal with stuff like this... but when I saw it on jig, lets just say I needed to get my room escape fix :(
Anyway, I still love you jig!
Hey, crap happens! What can you do? Don't let it keep you awake, man. We all still support you.
Jay,
I've been enjoying your site for years now ever since stumbling onto the first hapland here all those years ago. I've never been compelled to created a user account, until now, to say thanks for being up front about everything.
Thank You.
I will echo the sentiments already posted here and say thank you, Jay, for working so hard to provide us with a (free!!) safe place to play. I would also like to add my thanks for the response to the Facebook message I sent yesterday when I first noticed the warning. I was floored to receive a response to begin with, let alone within an hour after I sent the message! You're a classy guy, Jay, and a darn fine webmaster. I will continue recommending this site to all my friends. Best of luck with the server changes. :D
That's a good point, MdB. I wish I knew what to look for, but I don't believe I was affected (I use a Mac). Some people were reporting that when they visited us they were redirected to a different site, a site that Google was reporting to me yesterday as a known site that distributes malware. I was never redirected anywhere and I was surfing here a LOT since I've been working on the site nearly 24/7 for the past 4 weeks working on this server upgrade (it was planned waaay before this ever happened).
If anyone does find something, I'd be happy to post the information here in an update so people know what to look for.
Thanks everyone for being so supportive. Everyone here at JIG really appreciates it! :)
I feel like I am just repeating but as others have said, thank you for being so candid, and for your quick responses on both Twitter and Facebook last night. It must have been the last thing you wanted to spend time on. There is nothing better than just being honest about what is happening.
Funny thing is I thought the redirects were odd, but I was distracted and just killed them. I did get around to running a full scan which picked up a couple, then came the FF and chrome warnings.
Anyway, it is all sorted now, and good luck going forward.
You get 5 mushrooms for your handling of an unhappy situation
Yad
ps I still think we deserve an Escape from Malware Wednesday !
Fortunately I hadn't visited while the message was up, but I still wanted to say thank you for posting this. I've been coming here for quite some time and you guys never fail to impress me. Thanks for your honesty and integrity Jay.
Jay:
Now I can't comment anymore? I went to comment for the first time today, my last comment on the site was telling you about my experiences with the malware issues yesterday, and I get this message:
Your comment submission failed for the following reasons:
Too many comments have been submitted from you in a short period of time. Please try again in a short while.
@ chiuni: For free Mac antivirus, I use ClamXav. You're probably safe, since Mac OS is both more secure and less targeted by malware, but it doesn't hurt to check.
I see 2 comments from you within 2 minutes of each other. One on "The Spell Breaker Quest" and one on this one.
If anyone has trouble commenting on the new server, try emptying your browser cache and reload the site. Many files have changed, and any hiccups you experience may be the old scripts trying to run on the new server, which won't work.
@Jay,
You are a class act! Like everyone else, I'm sorry this happened to you, but I'm so glad that you acted so quickly and responsibly. This is how to build a loyal following!
[and I'm glad I use a Mac :oD Thanks @Mike for the ClamXav info}
I just did a Malwarebytes scan of my system, and it picked one item, which was located in a "temp" directory In Windows. It was an executable file called "IWantThis.exe", and the vendor's name was "Adware.Gameplaylabs".
I have removed it, and "no harm, no foul," Jay. Thanks for the great site, that I (and many, many others) have enjoyed for years.
I only posted this so it may help someone else locate whatever we all might have picked up over the last couple of days (or to help all of you at JIG figure out where it came from in the first place...)
Now, can we all just get back to gaming, please? :P
Yay - glad you're back so fast!
Kaspersky grabbed the attempted download before I even realized what was happening, so no foul here.
Jay, thank you so much for bringing this to our attention. A few days ago I was redirected to an odd web page, mostly blank with an error message, which I stupidly thought nothing of as JIG is a trustworthy site. I did not get any alerts, is this because I am running IE? I have run a Microsoft Security Essentials virus scan and it picked up two things : Exploit:Java/CVE-2011-3544.BI and Exploit:Java/CVE-2010-0840.PB. I have no idea what they are but I hope the information might help someone who does. I am now going to download Malwarebytes and rescan as I didn't get "IWantThis.exe" that hamfist mentioned.
Thank You for your fantastic site. You are The Best! :)
To echo what others have already said, JIG has ALWAYS been a class act. One of the main reasons I stay loyal to Jay and his terrific team.
Yesterday, I got multiple Avast warnings regarding a blocked malicious file from "columbia*DOT*myvnc*DOT*com". It happened the first time when I tried to visit this site. My browser would redirect to a related page. Java stopped working properly. Wasn't sure what caused it.
Upon restart, Avast was disabled, and I could not reenable it. My Slingbox stopped working. I scanned with SuperAntiSpyware but found nothing. I tried to scan with Malwarebytes, but it was not starting.
I reinstalled Malwarebytes and scanned, but found nothing. I also reinstalled Avast, and it worked. A scan didn't find anything either. My slingbox was apparently unrelated, as it was not receiving any power. I replaced the AC adapter with one of the same size, and it powered on, so I'm thinking it may have been a coincidence, though it is odd that it worked that morning and then suddenly stopped after I restarted due to this issue. It only works for a few minutes right now, but this may be because the adapter I'm using right now might not be compatible. I'm going to try and scan everything again and see what comes up.
I just wanted to post all this to let you and everyone else know about the issues I encountered. Maybe knowing this will help someone else, or maybe someone can shine some light on my issues and give me a lead on what to do next to ensure my system is clean.
Thank you for posting this, Jay. I appreciate being able to track down where the problem came from. And I appreciate your immediate response to the issue. It shows that you take pride in your work and your site, and you have respect for your audience. It definitely does not go unnoticed.
[I'm sorry you're going through all this, DAM. Maybe you should consider reinstalling your OS at this point. I received an email from someone else who resorted to the same solution. Also, I edited your comment to obfuscate the maleware url just to be on the safe side. -Jay]
Like DAM, I too have "Columbia.....com" in my history. Apart from running a virus scan, which I have done, what else can I do to make sure my computer is clean? It really worries me that I had no warnings apart from when Jay told us! I'm really not tech savvy so any advice would be appreciated. Thanks.
I am no expert on the topic, since I use a Mac and only use Windows when I absolutely need to, so my expertise with viruses and malware is very limited.
I believe the only sure way to be certain your Windows computer is clean, if you're not a systems engineer, is to reinstall the operating system. From my experience with a hijacked browser many months ago on Windows 2000, a virus is an extremely difficult thing to remove on one's own if you have one.
Both you and DAM might try to boot your computer from a clean, certain-to-be-virus-free external drive, and scan your computer's hard drives from that. Only then can you be relatively sure that the anti-virus scanner isn't being disabled by any potential virus your computer may have. That's the best advice I can give besides reinstalling the OS.
Thanks for the post about it, it's good to see someone be so up front about this. I bypassed the error page a few times, figuring it was an error on Google's part - but I didn't see any popups or the like. I'll report back if I find anything odd in the full scan I run tonight.
Thanks to Jay for the quick response and the info. I have been a lurker for years and finally made an account. I saw the fake redirect and thought nothing of it-I had Norton running after all-and BAM infected! All of my shortcuts lost their source and everything I tried to open asked what program I wanted to open it with. 70 dollars later-my own fault as I didn't complete the tasks needed for Norton to make a recover disk-they remoted in and I am back in business. This is a fabulous website and one of my first go-to places for internet fun. Keep up the good work and post those escape games faster! :0)
Thanks for the superfast response Jay. I was going on JiG the day before LDF, like I usually do after the new one, when I saw that Kaspersky said it detected a malware download. I thought it was a temporary ad problem, so I closed the browser and thought "I'll come back tomorrow when the ads rotate and contact Jay." Lo and behold, a malware warning from Firefox. I came back yesterday, made sure Firefox was running safely and powered through the warning to find this. Now, today, it's already completely fixed. Don't worry man, happens to everyone. Stroke of luck you were updating to the new server, now you can be pretty much sure there's no more malware.
Hi Jay,
Thanks for this post. Much appreciated. Please feel free to disregard my email from last night - I'm sure you've got many more urgent ones to deal with right now...
Really glad it's all resolved at your end.
In particular, thank you for saying "there's really no way to ensure something like this will never happen. All we can do is try our very best, and resolve any situation that arises as quickly and efficiently as we can."
This shows to me that you properly get the "security is a process not a product" thing that Bruce Schneier goes on about. To me, as someone who has had to learn more about online security than he really wanted to in the past, this is about the most reassuring thing you could possibly have said.
Nothing online is bulletproof; what is important is how you deal with it when bad stuff happens - you've been open and honest, told people what happened, what you've done to fix it at your end and what they might need to do at theirs, and there really isn't anything else you could have done. Thank you for that.
Here's hoping it's a really long time (hopefully never) until something like this happens again... :)
Hey Jay,
Thank you for your openess and honesty.
I now realise that the virus I had on my pc - guess I was one of the unlucky ones - might indeed come from the site. And I visit your site almost daily, never thought it could do any harm. My AVG didn't prevent the virus from messing up my pc, but the damage was limited: up-and-running again, as you can see, and no big data losses.
Anyway, no hard feelings! Although I'm not a expert, but guess this sh*t happens, right?
Just want to tell you I will continue visiting your site, using it as my portal to play the games you - and your team - offer daily!
I'm sorry that happened to you, Pat, and I'm glad you recovered from it. Thank you for continuing to trust us for your daily entertainment. We appreciate it and we will work hard to earn and maintain that trust.
Just to document my experience, I visited the site during the time it was compromised, and I was redirected- but I immediately x-ed out, and my web history doesn't show any strange sites. I have had multiple crashes on my Mac since visiting the site, but I can't say this correlation implies causation - I have been playing a lot of King Arthur's Gold. I haven't done a virus scan
Obviously I'm dedicated to JIG, and I support Jay, like the rest, etc...
[Thanks, Xheia. About your issues, though, the crashes are alarming but I'm a bit skeptical that they are related to this incident at all. I also use a Mac and was working on the site all through the problems we were having and never once was I redirected and never once has my Mac crashed at all since. I have since scanned my OS and its files and found nothing. You should definitely get a good Mac virus-scanner and make sure your system is clean. -Jay]
Hey Jay,
Are you sure that the virus is completely removed? My computer is picking up all sorts of weird stuff when I load the page, and I'm not sure why. It's disabling this portion of the adserver, which I believe is where the initial problem happened. While my computer isn't acting up in any way, it does seem a little odd....
Good luck on eliminating this problem!
I am quite certain the virus was removed completely, Google verified that for us. I just took a look at the ad server and everything looks good with that, too.
I don't know what you mean by "My computer is picking up all sorts of weird stuff when I load the page", can you please be more specific? And please contact me directly by email so I can help you individually pinpoint what you're experiencing.
Be sure you have emptied your browser cache before reloading the site. Many scripts have changed since we switched servers, and if your browser cached the old versions it's very likely you are seeing weird stuff, which is harmless.
Hi Jay
I have had a few redirects again this morning for the first time since Thursday, which seems much like it started last time. All the redirects contained 195.3.145.110. Virus scan is showing nothing so far.
I only mention it now, because I think I was too slow before and this seems so much like how it started.
Anyhow hopefully is just me.
Yaddab
I just rescanned the server and found nothing. I'll keep watch for anything unusual, but so far I'm not finding anything. I've sent you an email to get more information from you, so check your inbox please.
[Update: After hearing more about your issues via email, I am almost certain your computer is still infected with a virus. Make sure you do a virus scan of your computer while booted from an external source that's not infected. That's the only way to be sure any virus isn't masking itself from detection or disabling the anti-virus program in some way. -Jay]
Jay, would you consider it an exception advertising if I named a certain site to help those who've really got problems?
[Not a problem. -Jay]
Update